From 68863e3194c0cacbc8ee42e27c8ab07b21568d72 Mon Sep 17 00:00:00 2001
From: John Duggan <dugganjw@ornl.gov>
Date: Tue, 24 Jun 2025 13:38:55 -0400
Subject: [PATCH 1/3] Bump version

---
 .gitlab-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 72cc0c838b..b264196f4c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,8 +9,8 @@ variables:
   CONTAINER_GALAXY_URL: "${NDIP_DOCKER_REPOSITORY}/${CI_PROJECT_PATH}"
   CONTAINER_GALAXY_BASE_URL: "${CONTAINER_GALAXY_URL}/base"
   CONTAINER_GALAXY_COMMIT_URL: "${CONTAINER_GALAXY_URL}/commit"
-  GALAXY_VERSION_PYTHON: 24.2.dev2+ornl
-  GALAXY_VERSION_DOCKER: 24.2.dev2.ornl
+  GALAXY_VERSION_PYTHON: 24.2.dev3+ornl
+  GALAXY_VERSION_DOCKER: 24.2.dev3.ornl
 
 # This import is for the func_rse_docker_* functions
 before_script:
-- 
GitLab


From 2d080a113ee1bc3551ebe01f63ee5e41e8a942a3 Mon Sep 17 00:00:00 2001
From: John Duggan <dugganjw@ornl.gov>
Date: Tue, 1 Jul 2025 11:55:37 -0400
Subject: [PATCH 2/3] Allow passing user groups to containers without setting
 the user

---
 .gitlab-ci.yml                                 | 4 ++--
 lib/galaxy/jobs/runners/__init__.py            | 3 +++
 lib/galaxy/tool_util/deps/container_classes.py | 4 ++++
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b264196f4c..bc8d4048ed 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,8 +9,8 @@ variables:
   CONTAINER_GALAXY_URL: "${NDIP_DOCKER_REPOSITORY}/${CI_PROJECT_PATH}"
   CONTAINER_GALAXY_BASE_URL: "${CONTAINER_GALAXY_URL}/base"
   CONTAINER_GALAXY_COMMIT_URL: "${CONTAINER_GALAXY_URL}/commit"
-  GALAXY_VERSION_PYTHON: 24.2.dev3+ornl
-  GALAXY_VERSION_DOCKER: 24.2.dev3.ornl
+  GALAXY_VERSION_PYTHON: 24.2.dev4+ornl
+  GALAXY_VERSION_DOCKER: 24.2.dev4.ornl
 
 # This import is for the func_rse_docker_* functions
 before_script:
diff --git a/lib/galaxy/jobs/runners/__init__.py b/lib/galaxy/jobs/runners/__init__.py
index 70f3b26505..f29adeaaf1 100644
--- a/lib/galaxy/jobs/runners/__init__.py
+++ b/lib/galaxy/jobs/runners/__init__.py
@@ -541,6 +541,7 @@ class BaseJobRunner:
             return
 
         set_user = user_oidc_config.get("docker_set_user", False)
+        set_user_groups = user_oidc_config.get("docker_set_user_groups", False)
         env_var = user_oidc_config.get("docker_add_user_to_env", None)
 
         if not set_user and not env_var:
@@ -572,6 +573,8 @@ class BaseJobRunner:
 
         if set_user:
             destination_info["set_host_user"] = username
+        if set_user_groups:
+            destination_info["set_host_user_groups"] = username
         if env_var:
             destination_info["pass_host_user_to_env"] = env_var + "=" + username
         return
diff --git a/lib/galaxy/tool_util/deps/container_classes.py b/lib/galaxy/tool_util/deps/container_classes.py
index 2391d7fc7b..cb15caabc8 100644
--- a/lib/galaxy/tool_util/deps/container_classes.py
+++ b/lib/galaxy/tool_util/deps/container_classes.py
@@ -481,8 +481,12 @@ class DockerContainer(Container, HasDockerLikeVolumes):
         run_extra_arguments = self.prop("run_extra_arguments", docker_util.DEFAULT_RUN_EXTRA_ARGUMENTS)
         group_command = ""
         host_user = self.destination_info.get("set_host_user", None)
+        user_with_groups = self.destination_info.get("set_host_user_groups", None)
         if host_user:
             group_command = string.Template(SET_USER_GROUPS_TEMPLATE).safe_substitute(username=host_user)
+        elif user_with_groups:
+            group_command = string.Template(SET_USER_GROUPS_TEMPLATE).safe_substitute(username=user_with_groups)
+        if group_command:
             if run_extra_arguments:
                 run_extra_arguments = run_extra_arguments + " $GROUPADD"
             else:
-- 
GitLab


From e1cc460f75c4af1934f71d67e5bb8047ad74e2a4 Mon Sep 17 00:00:00 2001
From: John Duggan <dugganjw@ornl.gov>
Date: Thu, 3 Jul 2025 09:22:27 -0400
Subject: [PATCH 3/3] Rename the new destination_info key

---
 lib/galaxy/jobs/runners/__init__.py            | 2 +-
 lib/galaxy/tool_util/deps/container_classes.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/galaxy/jobs/runners/__init__.py b/lib/galaxy/jobs/runners/__init__.py
index f29adeaaf1..86b4e95dec 100644
--- a/lib/galaxy/jobs/runners/__init__.py
+++ b/lib/galaxy/jobs/runners/__init__.py
@@ -574,7 +574,7 @@ class BaseJobRunner:
         if set_user:
             destination_info["set_host_user"] = username
         if set_user_groups:
-            destination_info["set_host_user_groups"] = username
+            destination_info["host_user_to_set_groups_from"] = username
         if env_var:
             destination_info["pass_host_user_to_env"] = env_var + "=" + username
         return
diff --git a/lib/galaxy/tool_util/deps/container_classes.py b/lib/galaxy/tool_util/deps/container_classes.py
index cb15caabc8..c38c48ba9c 100644
--- a/lib/galaxy/tool_util/deps/container_classes.py
+++ b/lib/galaxy/tool_util/deps/container_classes.py
@@ -481,7 +481,7 @@ class DockerContainer(Container, HasDockerLikeVolumes):
         run_extra_arguments = self.prop("run_extra_arguments", docker_util.DEFAULT_RUN_EXTRA_ARGUMENTS)
         group_command = ""
         host_user = self.destination_info.get("set_host_user", None)
-        user_with_groups = self.destination_info.get("set_host_user_groups", None)
+        user_with_groups = self.destination_info.get("host_user_to_set_groups_from", None)
         if host_user:
             group_command = string.Template(SET_USER_GROUPS_TEMPLATE).safe_substitute(username=host_user)
         elif user_with_groups:
-- 
GitLab